September 12th, 2005

The proposed Spam Control Bill includes, in addition to email spam, legal measures to manage mobile spam in Singapore. The Bill also proposes that anyone who suffers damages or loss arising from spam be given the right to initiate legal action against non-compliant spammers. The draft Bill also proposes that if found guilty, non-compliant spammers can be directed by the court to stop their spamming activities or pay damages to the affected parties.

September 12th, 2005

Microsoft-bashing has always being a favourite pastime for many geeks so I wasn’t surprised when I got anti-Microsoft spam in my inbox. Whats was surprising was that it was send by a group called SPAMIS – Strategic Partnership Against Microsoft Illegal Spam.

May 22nd, 2005

There is a DBS phishing spam targeted at Singaporean mailboxes. You probably get something that look like this too:

Do not be fool by it.

Look at the raw email and you will find that it actually comes from hostpymes.com, registered to someone called Soria, Luis based in Peru.

Already as early as last year, we were aware the biggest problem of spam isn’t penis enlargement, viagra or even porn spams but rather targetted phishing attacks like this. Estimation of the phishing problem are in the billions in US alone. It is the reason why we still talking about Antispam (I know, most people have given up and have learnt just to delete them). It is also the reason why FBI is attending ICANN.

btw, this isn’t the first phishing attempt in Singapore. There is a smaller and poorly done phishing last year.

May 3rd, 2005

I am now at MCMC for a discussion on Anti-Spam Strategies – The way forward for ASEAN Telecommunications Regulators’ Council (ATRC). Lots of people are here: OCED, ITU, FTC, various regulators from the region and also industry. But I think this is a close-door event so I couldn’t blog much what was discussed here.

Anyway, coming to MCMC in Cyberjaya is a challenge – even the Taxi driver couldn’t find the way here – so I end up a bit late but in time for my presentation in the morning. I think I did pretty well1 judging from the responses I got from the audience. Oh, one thing I could share tho – during my Q&A, someone asked me to explain blog spam; I started with ‘Well, Malaysian would know blog, thanks to Jeff Ooi …’ and I heard chuckles around the room. Yes, everyone read Jeff ;-)

This is my first time in MCMC new building and I actually met (and have lunch) with the Chairman of MCMC this time. It is also nice to catch up with friends from MCMC … more tea tarik later. ;-)

1 I learned something today: I do well in presentation, I sux on camera and interview. Ah, got to figure out how to improve in those areas…

April 14th, 2005

Spam – everyone has it and we all know what it does. Porn spam are down and phishing, 411 and chinese marketers are the norm these days. But I am scratching my head what kind of spam is this.

Hello,

My daughter is interested in learning the Punjabi Drum,piano as mentioned by
you and I am happy with your area of specialty.

She will be in by the 1st week in May and will be
returning home by November so,I will want you to help me
in lessoning her an hour,2X a week on playing the Gurpreet
I will like to know your exact location and avail me of
your telephone numbers too.

So,please calculate the total cost from 2nd week in May to
the last week of November to me.
I want to arrange for the payment before her departure .
Please reply as soon as possible.

Thank you.
Sincerely,
williams.

N:B
HENCEFORTH, ENDEAVOUR TO MAIL ME BACK TO THIS MY PERSONAL
E-MAIL BOX.

February 4th, 2005

Several MT users has emailed me to write a Captcha solution to the latest trackback spams problem. Unfortunately, Captcha cannot be easily integrated with trackback. In fact, trackback spams are harder to catch because both legit and spams trackback are normally send by machines so any tools that tries to differentiate human from machine will not work.

Nevertheless, I promised to do something about it so here is it: MT-TrackbackAntiSpam.
(To install, unzip, put it in your plugins/ directory and make sure it is executable)

The way it works is fairly simple – if the incoming trackback does not come from the host as stated in the URL, we reject the trackback. For example, if a trackback from url http://online-poker.psxtreme.com/ comes from 194.63.235.156 (an open proxy), then it is likely to be spam. (online-poker.psxtreme.com does not resolved to 194.63.235.156).

This solution has two pitfalls however: (1) it does not stop spammers from sending trackback spams from their own host – a small problem for now because spammers has been hiding behind open proxies (2) it may reject legit trackback if it is not sent by their blog-engine (e.g. blogging client)

Nevertheless, I been using it on my Drupal4Blogger for a while and it has been working well. I hope this works out for MT users too.

December 11th, 2004

I got more of these casino comments spam in the last 3 hours. This time the tactic is a bit different – using a bug in my Drupal for Bloggers where I forgot to check for empty captcha to get their comment spam through. Like the last time, it comes from different IP addresses and the referer has also disappeared. So the best guess is that it is embedded in some casino software which then invoke the browser to spam.

While the last attack has incomplete comments body, this time it post with complete sentence except the URL points to an non-existence host. Looks like their tool is still work-in-progress: the bad news is they seem to use my site as a development kit :P

November 7th, 2004

The latest news going around is Microsoft is spamming. What’s the hell is going on? I mean they are suppose to be the ‘Good Guy’ in antispam?

Apparently, the whole thing started because Bob Poortinga posting to SPAM-L which then get proprogated into places like Interesting-People. Normally, such silliness will end but somehow a Washington Reporter thinks this could sells some paper and write a story about it. Well done: Guilty before proven Innocent.

Bill Gates posted his Towards a Spam-Free Cultureover the same email channel last year but no one complains about it been spam at all. Strange isn’t it?

Don’t get me wrong: I think Steves’ email is bias but the fact I don’t like what he say does not make his email a spam. And I have strong believe Microsoft will come out clean here. But *sigh*, there are people willing to make a Linux crusade into an Spam problem and (not) surprisingly people falling for it.

As I argued in APCAUCE list, such incident is dangerous especially for opt-in advocates. It sets an example of how one could potentially be in a position of ‘guilty before proven innocent’ and would certainly not go down well with the law makers. We are just doing ourselves in. Thank you very much Bob.